Re: [PATCH -next] audit: only print records that will be dropped via printk()

From: Paul Moore
Date: Wed Feb 23 2022 - 17:00:35 EST


On Wed, Feb 23, 2022 at 4:41 AM Gaosheng Cui <cuigaosheng1@xxxxxxxxxx> wrote:
>
> When an admin enables audit at early boot via the "audit=1" kernel
> command line, netlink send errors seen will cause the audit subsystem
> to drop some records or return records to the queue. And all records
> will be printed via printk() in the kauditd_hold_skb(), but actually
> only the records that will be dropped need to be printed via printk().
>
> Signed-off-by: Gaosheng Cui <cuigaosheng1@xxxxxxxxxx>
> ---
> kernel/audit.c | 9 +++++----
> 1 file changed, 5 insertions(+), 4 deletions(-)

When records are moved to the hold queue the system is in a bad state,
so printing the record via printk(), regardless of whether the record is
able to be successfully queued or dropped, is important. If this is
happening frequently on your system, this is likely a sign your system
is misconfigured.

--
paul-moore.com